#7023

Committed 15 May 2026 10:51AM UTC coverage: 12.506% (-0.01%) from 12.52%

Build # #7023

Build Type

push

github

Committed by

web-flow

Commit Message

feat(boxsdkgen): Sanitize request body in `BoxAPIError` (box/box-codegen#948) (#1845)

Coverage Stats

0 of 41 new or added lines in 5 files covered. (0.0%)

20 existing lines in 10 files now uncovered.

8368 of 66914 relevant lines covered (12.51%)

0.13 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/src/main/java/com/box/sdkgen/serialization/json/JsonManager.java

package com.box.sdkgen.serialization.json;

import com.box.sdkgen.internal.NullablePropertyFilter;
import com.box.sdkgen.internal.SerializableObject;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.ObjectWriter;
import com.fasterxml.jackson.databind.ser.impl.SimpleFilterProvider;
import com.fasterxml.jackson.databind.util.TokenBuffer;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

public class JsonManager {

  public static final ObjectMapper OBJECT_MAPPER =
      new ObjectMapper().disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES);

  public static final SimpleFilterProvider EXPLICITLY_SET_FILTERS =
      new SimpleFilterProvider()
          .addFilter("nullablePropertyFilter", new NullablePropertyFilter())
          .setFailOnUnknownId(false);

  public static final ObjectWriter WRITER = OBJECT_MAPPER.writer(EXPLICITLY_SET_FILTERS);

  public static JsonNode serialize(Object value) {
    try {
      TokenBuffer tokenBuffer = new TokenBuffer(OBJECT_MAPPER, false);
      WRITER.writeValue(tokenBuffer, value);

      JsonNode node = tokenBuffer.asParser().readValueAsTree();
      tokenBuffer.close();

      return node;
    } catch (IOException e) {
      throw new RuntimeException(e);
    }
  }

  public static <T extends SerializableObject> T deserialize(JsonNode content, Class<T> valueType) {
    T deserializedObject = OBJECT_MAPPER.convertValue(content, valueType);
    deserializedObject.setRawData(content);
    return deserializedObject;
  }

  public static JsonNode jsonToSerializedData(String text) {
    try {
      return OBJECT_MAPPER.readTree(text);
    } catch (JsonProcessingException e) {
      throw new RuntimeException(e);
    }
  }

  public static JsonNode jsonToSerializedData(JsonParser jp) {
    try {
      return OBJECT_MAPPER.readTree(jp);
    } catch (IOException e) {
      throw new RuntimeException(e);
    }
  }

  public static String sdToJson(JsonNode jsonNode) {
    return jsonNode.toString();
  }

  public static String sdToUrlParams(JsonNode jsonNode) {
    Map<String, String> map =
        OBJECT_MAPPER.convertValue(jsonNode, new TypeReference<Map<String, String>>() {});
    StringBuilder formData = new StringBuilder();
    for (Map.Entry<String, String> entry : map.entrySet()) {
      if (formData.length() != 0) {
        formData.append('&');
      }
      formData.append(URLEncoder.encode(entry.getKey()));
      formData.append('=');
      formData.append(URLEncoder.encode(entry.getValue()));
    }
    return formData.toString();
  }

  public static String getSdValueByKey(JsonNode jsonNode, String key) {
    return jsonNode.get(key).asText();
  }

  public static String sanitizedValue() {
    return "---[redacted]---";
  }

  public static JsonNode sanitizeSerializedData(JsonNode sd, Map<String, String> keysToSanitize) {
    if (sd == null || !sd.isObject()) {
      return sd;
    }
    Map<String, JsonNode> sanitizedDictionary = new HashMap<>();
    sd.fields()
        .forEachRemaining(
            entry -> {
              String key = entry.getKey();
              JsonNode value = entry.getValue();
              if (keysToSanitize.containsKey(key.toLowerCase(Locale.ROOT)) && value.isTextual()) {
                sanitizedDictionary.put(key, new ObjectMapper().valueToTree(sanitizedValue()));
              } else if (value.isObject()) {
                sanitizedDictionary.put(key, sanitizeSerializedData(value, keysToSanitize));
              } else {
                sanitizedDictionary.put(key, value);
              }
            });

    return new ObjectMapper().valueToTree(sanitizedDictionary);
  }

  public static String sanitizeFormEncodedBodyFromString(
      String body, Map<String, String> keysToSanitize) {
    if (body == null) {
      return null;
    }

    String[] parameters = body.split("&", -1);
    StringBuilder sanitizedBodyBuilder = new StringBuilder();
    for (int i = 0; i < parameters.length; i++) {
      if (i > 0) {
        sanitizedBodyBuilder.append("&");
      }
      sanitizedBodyBuilder.append(sanitizeFormEncodedParameter(parameters[i], keysToSanitize));
    }
    return sanitizedBodyBuilder.toString();
  }

  private static String sanitizeFormEncodedParameter(
      String parameter, Map<String, String> keysToSanitize) {
    int separatorIndex = parameter.indexOf("=");
    if (separatorIndex < 0) {
      return parameter;
    }

    String key = parameter.substring(0, separatorIndex);
    String value = parameter.substring(separatorIndex + 1);
    String sanitizedValue =
        keysToSanitize.containsKey(key.toLowerCase(Locale.ROOT)) ? sanitizedValue() : value;
    return key + "=" + sanitizedValue;
  }
}

1	package com.box.sdkgen.serialization.json;
2
3	import com.box.sdkgen.internal.NullablePropertyFilter;
4	import com.box.sdkgen.internal.SerializableObject;
5	import com.fasterxml.jackson.core.JsonParser;
6	import com.fasterxml.jackson.core.JsonProcessingException;
7	import com.fasterxml.jackson.core.type.TypeReference;
8	import com.fasterxml.jackson.databind.DeserializationFeature;
9	import com.fasterxml.jackson.databind.JsonNode;
10	import com.fasterxml.jackson.databind.ObjectMapper;
11	import com.fasterxml.jackson.databind.ObjectWriter;
12	import com.fasterxml.jackson.databind.ser.impl.SimpleFilterProvider;
13	import com.fasterxml.jackson.databind.util.TokenBuffer;
14	import java.io.IOException;
15	import java.net.URLEncoder;
16	import java.util.HashMap;
17	import java.util.Locale;
18	import java.util.Map;
19
20	public class JsonManager {	×
21
22	public static final ObjectMapper OBJECT_MAPPER =	×
23	new ObjectMapper().disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES);	×
24
25	public static final SimpleFilterProvider EXPLICITLY_SET_FILTERS =	×
26	new SimpleFilterProvider()
27	.addFilter("nullablePropertyFilter", new NullablePropertyFilter())	×
28	.setFailOnUnknownId(false);	×
29
30	public static final ObjectWriter WRITER = OBJECT_MAPPER.writer(EXPLICITLY_SET_FILTERS);	×
31
32	public static JsonNode serialize(Object value) {
33	try {
34	TokenBuffer tokenBuffer = new TokenBuffer(OBJECT_MAPPER, false);	×
35	WRITER.writeValue(tokenBuffer, value);	×
36
37	JsonNode node = tokenBuffer.asParser().readValueAsTree();	×
38	tokenBuffer.close();	×
39
40	return node;	×
41	} catch (IOException e) {	×
42	throw new RuntimeException(e);	×
43	}
44	}
45
46	public static <T extends SerializableObject> T deserialize(JsonNode content, Class<T> valueType) {
47	T deserializedObject = OBJECT_MAPPER.convertValue(content, valueType);	×
48	deserializedObject.setRawData(content);	×
49	return deserializedObject;	×
50	}
51
52	public static JsonNode jsonToSerializedData(String text) {
53	try {
54	return OBJECT_MAPPER.readTree(text);	×
55	} catch (JsonProcessingException e) {	×
56	throw new RuntimeException(e);	×
57	}
58	}
59
60	public static JsonNode jsonToSerializedData(JsonParser jp) {
61	try {
62	return OBJECT_MAPPER.readTree(jp);	×
63	} catch (IOException e) {	×
64	throw new RuntimeException(e);	×
65	}
66	}
67
68	public static String sdToJson(JsonNode jsonNode) {
69	return jsonNode.toString();	×
70	}
71
72	public static String sdToUrlParams(JsonNode jsonNode) {
73	Map<String, String> map =	×
74	OBJECT_MAPPER.convertValue(jsonNode, new TypeReference<Map<String, String>>() {});	×
75	StringBuilder formData = new StringBuilder();	×
76	for (Map.Entry<String, String> entry : map.entrySet()) {	×
77	if (formData.length() != 0) {	×
78	formData.append('&');	×
79	}
80	formData.append(URLEncoder.encode(entry.getKey()));	×
81	formData.append('=');	×
82	formData.append(URLEncoder.encode(entry.getValue()));	×
83	}	×
84	return formData.toString();	×
85	}
86
87	public static String getSdValueByKey(JsonNode jsonNode, String key) {
88	return jsonNode.get(key).asText();	×
89	}
90
91	public static String sanitizedValue() {
92	return "---[redacted]---";	×
93	}
94
95	public static JsonNode sanitizeSerializedData(JsonNode sd, Map<String, String> keysToSanitize) {
96	if (sd == null \|\| !sd.isObject()) {	×
97	return sd;	×
98	}
99	Map<String, JsonNode> sanitizedDictionary = new HashMap<>();	×
100	sd.fields()	×
101	.forEachRemaining(	×
102	entry -> {
103	String key = entry.getKey();	×
104	JsonNode value = entry.getValue();	×
105	if (keysToSanitize.containsKey(key.toLowerCase(Locale.ROOT)) && value.isTextual()) {	×
106	sanitizedDictionary.put(key, new ObjectMapper().valueToTree(sanitizedValue()));	×
107	} else if (value.isObject()) {	×
108	sanitizedDictionary.put(key, sanitizeSerializedData(value, keysToSanitize));	×
109	} else {
110	sanitizedDictionary.put(key, value);	×
111	}
112	});	×
113
114	return new ObjectMapper().valueToTree(sanitizedDictionary);	×
115	}
116
117	public static String sanitizeFormEncodedBodyFromString(
118	String body, Map<String, String> keysToSanitize) {
NEW 119	if (body == null) {	×
NEW 120	return null;	×
121	}
122
NEW 123	String[] parameters = body.split("&", -1);	×
NEW 124	StringBuilder sanitizedBodyBuilder = new StringBuilder();	×
NEW 125	for (int i = 0; i < parameters.length; i++) {	×
NEW 126	if (i > 0) {	×
NEW 127	sanitizedBodyBuilder.append("&");	×
128	}
NEW 129	sanitizedBodyBuilder.append(sanitizeFormEncodedParameter(parameters[i], keysToSanitize));	×
130	}
NEW 131	return sanitizedBodyBuilder.toString();	×
132	}
133
134	private static String sanitizeFormEncodedParameter(
135	String parameter, Map<String, String> keysToSanitize) {
NEW 136	int separatorIndex = parameter.indexOf("=");	×
NEW 137	if (separatorIndex < 0) {	×
NEW 138	return parameter;	×
139	}
140
NEW 141	String key = parameter.substring(0, separatorIndex);	×
NEW 142	String value = parameter.substring(separatorIndex + 1);	×
NEW 143	String sanitizedValue =	×
NEW 144	keysToSanitize.containsKey(key.toLowerCase(Locale.ROOT)) ? sanitizedValue() : value;	×
NEW 145	return key + "=" + sanitizedValue;	×
146	}
147	}

box / box-java-sdk / #7023

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous